PT-2026-20902
Name of the Vulnerable Software and Affected Versions: go-ethereum geth versions prior to 1.17.0. Description: A specially crafted p2p message can lead to high memory usage. The issue affects the Ethereum protocol implementation. Recommendations: Update to version 1.17.0 or later...
EUVD-2021-1653
Malware in sbrugna...
EUVD-2021-1406
Malware in sbrugna...
EUVD-2021-1345
Malware in sbrugna...
EUVD-2021-1427
Malware in sbrugna...
EUVD-2022-5589
Malicious code in bioql PyPI...
EUVD-2024-1428
Malicious code in bioql PyPI...
EUVD-2023-2566
Malicious code in bioql PyPI...
CVE-2020-26265
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade...
CVE-2025-24883
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13...
CVE-2025-24883 go-ethereum has a DoS via malicious p2p message
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13...
CVE-2024-32972
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15...
CVE-2024-32972 go-ethereum denial of service via malicious p2p message
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version 1.13.15...
CVE-2023-40591 Denial of service via malicious p2p message in go-ethereum
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version 1.12.1-stable, i.e.,...
tx.origin may be removed in future and its usage is not recommended
Lines of code. Vulnerability details. Impact: There is a chance that tx.origin will be removed from the Ethereum protocol in the future, so code that uses tx.origin must be avoided for authentication purposes. There are also some EIPs being proposed to change or remove tx.origin. ethereum/EIPs637 I...
CVE-2022-29177 DoS via malicious p2p message in Go-Ethereum
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that...
Design/Logic Flaw
go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a late...
CVE-2021-39137
The CVE-2021-39137 entry concerns go-ethereum (Geth). A memory-corruption/consensus flaw in the EVM can cause a node to reject or diverge from the canonical chain, potentially leading to chain splits as described in multiple advisories. A patch is included in the v1.10.8 release; no workaround is...